author | Daisuke Nojiri <dnojiri@chromium.org> | 2021-04-10 08:22:05 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-06-18 16:05:25 +0000 |
commit | 21821c74d5c8ab87e0215b28786146f4261326e1 (patch) | |
tree | 0be97bf0bbab8d38bb8feb3382880738b19679c5 /fuzz | |
parent | d998a0ddccda21d15e5e0f6e08f5d2b1effff6b5 (diff) | |
PCHG: Acquire lock before wait/signal pthread condition
This patch makes test_fuzz_one_input acquire a lock before waiting
on done_cond and makes irq_task acquire a lock before signaling
done_cond. Otherwise, undefined behavior would result.
BUG=b:190841496, chromium:1221266
BRANCH=trogdor
TEST=make run-pchg_fuzz
TEST=pchg_fuzz.exe -seed=1 -runs=1000000 -dict=fuzz/pchg_fuzz.corpus
Change-Id: Ic5572bae7c8764d44a7872869c5f8e9b4503280b
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2971867
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/pchg_fuzz.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/fuzz/pchg_fuzz.c b/fuzz/pchg_fuzz.c
index 14bdb94566..301a592617 100644
--- a/fuzz/pchg_fuzz.c
+++ b/fuzz/pchg_fuzz.c
@@ -87,7 +87,9 @@ void irq_task(int argc, char **argv)
 test_chipset_off();
+ pthread_mutex_lock(&lock);
 pthread_cond_signal(&done_cond);
+ pthread_mutex_unlock(&lock);
 }
 }
@@ -103,13 +105,19 @@ int test_fuzz_one_input(const uint8_t *data, unsigned int size)
 if (size < sizeof(struct ctn730_msg)) return 0;
+ pthread_mutex_init(&lock, NULL);
+ pthread_cond_init(&done_cond, NULL);
+
 head = input;
 tail = input + size;
 memcpy(input, data, size);
 data_available = true;
 task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ);
+
+ pthread_mutex_lock(&lock);
 pthread_cond_wait(&done_cond, &lock);
+ pthread_mutex_unlock(&lock);
 return 0;
 }
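Review bot: The `pthread_cond_signal(&done_cond);` in irq_task is now issued under the lock, but no shared state changes with it, so a waiter that has not yet entered pthread_cond_wait (see the second hunk) misses the wakeup, and a waiter woken spuriously cannot tell whether the IRQ work really completed. Set a flag under the same lock before signaling, e.g. `irq_done = true;` (name illustrative) between `pthread_mutex_lock(&lock);` and the signal, and have test_fuzz_one_input wait on that flag in a loop. irq_task begins and ends outside this hunk, so where the flag is declared and reset is not visible here.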
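Review bot: `pthread_mutex_init(&lock, NULL);` and `pthread_cond_init(&done_cond, NULL);` now run on every fuzz input, and POSIX leaves re-initializing an already-initialized mutex or condition variable undefined, which is the same class of problem the commit sets out to fix; initialize them once instead, e.g. `static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;` and `static pthread_cond_t done_cond = PTHREAD_COND_INITIALIZER;` at their definitions (outside this hunk), or guard the init with pthread_once, and check the return values if the calls stay. The lock is also only taken after `task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ);`, so if irq_task runs on another thread (as the pthread use suggests) and signals before the wait begins, that signal is lost and the run hangs on that input; take the lock before setting the event and wait on a predicate in a loop, which also covers spurious wakeups. This assumes task_set_event does not run irq_task synchronously on the calling thread — confirm against the host task emulation, since otherwise holding the lock across it would deadlock. The size check and input copy earlier in test_fuzz_one_input are unchanged and the function starts outside the hunk.
```c
/* … unchanged: size check, head/tail setup, memcpy of the input … */
	pthread_mutex_lock(&lock);
	irq_done = false;	/* illustrative flag; irq_task sets it under the same lock before signaling */
	data_available = true;
	task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ);
	while (!irq_done)
		pthread_cond_wait(&done_cond, &lock);
	pthread_mutex_unlock(&lock);
	return 0;
```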